Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtp (Exim 4.84_2) (envelope-from ) id 1eAHky-00067M-1d for pgsql-hackers@arkaria.postgresql.org; Thu, 02 Nov 2017 15:50:12 +0000 Received: from localhost ([127.0.0.1] helo=postgresql.org) by malur.postgresql.org with smtp (Exim 4.84_2) (envelope-from ) id 1eAHkx-0001Af-KR for pgsql-hackers@arkaria.postgresql.org; Thu, 02 Nov 2017 15:50:11 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_CBC_SHA384:256) (Exim 4.84_2) (envelope-from ) id 1eAHkw-00016H-7O for pgsql-hackers@postgresql.org; Thu, 02 Nov 2017 15:50:10 +0000 Received: from mail-wm0-x22a.google.com ([2a00:1450:400c:c09::22a]) by magus.postgresql.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.84_2) (envelope-from ) id 1eAHko-0003iT-KK for pgsql-hackers@postgresql.org; Thu, 02 Nov 2017 15:50:09 +0000 Received: by mail-wm0-x22a.google.com with SMTP id m72so2891090wmc.0 for ; Thu, 02 Nov 2017 08:50:02 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=ogBlKlJk/AY01UvefzIUQbJsRi/tHz89BijlR8XXglo=; b=nob0eWDtj9mpWHFHvu/UKqmLcpvOqJbM+KFO0FO2qt6uIlm4Hs1Kod/pwcG5hMLos9 EiSL9Dxff6rsNBPG9TQPI+kJC4lGULCJl+GW69e5xiiDcHAte6SU8WvSF1yw+QGSykcw e1SUdXT+FayiR0Wea9xhibtW8LUQXe2Fgv6EMN9ifp9IowQbPWJGT5mlNbdMaqoaZAkT gZ4lLmf9AxeA6t1sybFsYxe8yXtpiXSP8uIThlk969557IbCoXQ4e7GbNY2CuzUtkvs1 ba9Wh2VfJtH4nzrYkqX00jdrx2QCrU/dmnQ08rvKLbBFi/cwILehjZosOxBqbh4lcPaY oXtg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=ogBlKlJk/AY01UvefzIUQbJsRi/tHz89BijlR8XXglo=; b=aGxWRwh3lTSd4L9+s5w4jVSiKFziUUh1quUoNJtLE0bZWBBOhIu2Jd8o2RsI1JebEL SRWkFwUfC1sggOtzecgFBxTnfNK0xOiS09tk++OMYNea3JBebK845EtORxnpiql+itxn GVgo6a44A71e/oXyAasWKZyF0keOJXsqJ7JYbEwxd1reNYr62C8NIHddA6PAKDy59xgs c21vqDUBGAAr3K9XO5NLamaFnmfq0hQzD6ACdqPyBNKvBQqfecazsF1/LRhMcv2aWczB ld7cbX6HEE8PVNKMuS4qCoCei2MR7KUCR+KwBUKs08NMFDvGodO8I0Bv05FvlswLnvPu T7Lg== X-Gm-Message-State: AMCzsaWHEi8AAdxxHLqTL+wpDj1N3/rA6Pww0nbPaxnKWAqBk5EKjGbS Mwrzs4vc5BYp/i7SeDPRJCc0nK/+/Kqsm4wnmpQ= X-Google-Smtp-Source: ABhQp+QCNtLtsBefxDi0eZOILFjg2/YSZ/ze4cgNldXXgWsJ50NoibGHVdUvHfh8s/QSy7XHtCavN5a9M/kKTXod+Us= X-Received: by 10.28.137.193 with SMTP id l184mr2001809wmd.24.1509637801538; Thu, 02 Nov 2017 08:50:01 -0700 (PDT) MIME-Version: 1.0 Received: by 10.223.146.7 with HTTP; Thu, 2 Nov 2017 08:49:20 -0700 (PDT) In-Reply-To: References: From: Pavel Stehule Date: Thu, 2 Nov 2017 16:49:20 +0100 Message-ID: Subject: Re: proposal: schema variables To: Robert Haas Cc: PostgreSQL Hackers Content-Type: multipart/alternative; boundary="001a11441764e686a0055d01f04f" List-Archive: List-Help: List-ID: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: X-Mailing-List: pgsql-hackers Precedence: bulk Sender: pgsql-hackers-owner@postgresql.org --001a11441764e686a0055d01f04f Content-Type: text/plain; charset="UTF-8" 2017-11-02 13:35 GMT+01:00 Robert Haas : > On Thu, Oct 26, 2017 at 12:51 PM, Pavel Stehule > wrote: > > The variables can be modified by SQL command SET (this is taken from > > standard, and it natural) > > > > SET varname = expression; > > Overloading SET to handle both variables and GUCs seems likely to > create problems, possibly including security problems. For example, > maybe a security-definer function could leave behind variables to > trick the calling code into failing to set GUCs that it intended to > set. Or maybe creating a variable at the wrong time will just break > things randomly. > The syntax CREATE OR REPLACE FUNCTION xxx $$ ... $$ SET GUC=, ... is always related only to GUC. So there should not be any security risk. It is another reason why GUC and variables should be separated. I know so there is risk of possibility of collision. There are two possibilities a) use different keyword - but it is out of SQL/PSM and out of another databases. b) detect possible collision and raise error when assignment is ambiguous. I am thinking about similar solution used in plpgsql, where is a possibility of collision between SQL identifier and plpgsql variable. Regards Pavel > > -- > Robert Haas > EnterpriseDB: http://www.enterprisedb.com > The Enterprise PostgreSQL Company > --001a11441764e686a0055d01f04f Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable


2017-11-02 13:35 GMT+01:00 Robert Haas <robertmhaas@gmail.com&= gt;:
On Thu, Oct = 26, 2017 at 12:51 PM, Pavel Stehule <pavel.stehule@gmail.com> wrote:
> The variables can be modified by SQL command SET (this is taken from > standard, and it natural)
>
> SET varname =3D expression;

Overloading SET to handle both variables and GUCs seems likely to create problems, possibly including security problems.=C2=A0 For example, maybe a security-definer function could leave behind variables to
trick the calling code into failing to set GUCs that it intended to
set.=C2=A0 Or maybe creating a variable at the wrong time will just break things randomly.

The syntax CREATE OR R= EPLACE FUNCTION xxx $$ ... $$ SET GUC=3D, ... is always related only to GUC= . So there should not be any security risk.

I= t is another reason why GUC and variables should be separated.
I know so there is risk of possibility of collision. There are= two possibilities

a) use different keyword - but = it is out of SQL/PSM and out of another databases.

b) detect possible collision and raise error when assignment is ambiguous.= I am thinking about similar solution used in plpgsql, where is a possibili= ty of collision between SQL identifier and plpgsql variable.

=
Regards

Pavel

<= div>
=C2=A0

--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company

--001a11441764e686a0055d01f04f--